Status: Gathering Impact (View Workflow)
8.5.0, 8.5.7, 8.13.3
Severity 2 - Major
If a dashboard/filter is shared to Public("Anyone on the web"), but Sharing with anyone
on the web is turned , when attempting to , the admin receives the following error:
Dashboards and filters in this Jira instance cannot be shared with anyone on the web anymore. If you want to modify this item, you must change the Shares so that it is not shared with anyone on the web.
It may be impossible to change the ownership of that filter/dashboard if the filter/dashboard is owned by someone else (potentially who is no longer contactable), and the admin does not have permissions, because the admin is not able to edit existing permissions unless they are the owner, or have (EDIT) permissions (
Users fixing filters/dashboards that need to be remediated is harder due to
Steps to Reproduce
- Jira Admin -> System -> General Configuration -> Sharing with anyone on the web: ON
- Create a dashboard. You are the owner of this dashboard.
- Share the dashboard to Anyone on the web (VIEW)
- Jira Admin -> System -> General Configuration -> Sharing with anyone on the web: OFF
- Jira Admin -> System -> Shared Dashboards
- Find your dashboard and click Change Owner
- Attempt to change the owner to someone else
- The error is shown
The dashboard ownership is changed. The admin can then remove the Anyone on the web share setting.
The admin receives the error above and is unable to remove the share.
- Temporarily enable public sharing via Jira Admin -> System -> General Configuration -> Sharing with anyone on the web: OFF
- Remove the Anyone on the web share from the affected filter(s)/dashboard(s)
- Disable public sharing via Jira Admin -> System -> General Configuration -> Sharing with anyone on the web: OFF
- is related to
JRASERVER-18076 Warn about assigning "Anyone" group in Global and Project permissions
- relates to
JRASERVER-68523 When you remove a user from a group added to the Dashboard Editors, that user will not be able to edit their own Dashboard
JRASERVER-41269 Allow administrators to manage private filters, subscriptions and dashboards owned by other users
- mentioned in